| Message ID | 20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com |
|---|---|
| Headers | show
Return-Path: <swupdate+bncBDY5JUXLVIEBBSOC6GVQMGQE2NFPDIQ@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
unprotected) header.d=googlegroups.com header.i=@googlegroups.com
header.a=rsa-sha256 header.s=20230601 header.b=SJKHsPkO;
dkim=pass (2048-bit key;
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20230601 header.b=nSmYINkH;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
(client-ip=2a00:1450:4864:20::340; helo=mail-wm1-x340.google.com;
envelope-from=swupdate+bncbdy5juxlviebbsoc6gvqmgqe2nfpdiq@googlegroups.com;
receiver=patchwork.ozlabs.org)
Received: from mail-wm1-x340.google.com (mail-wm1-x340.google.com
[IPv6:2a00:1450:4864:20::340])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4SsBJt6Sqpz23nt
for <incoming@patchwork.ozlabs.org>; Sat, 16 Dec 2023 01:23:10 +1100 (AEDT)
Received: by mail-wm1-x340.google.com with SMTP id
5b1f17b1804b1-40c28da6667sf4470245e9.3
for <incoming@patchwork.ozlabs.org>;
Fri, 15 Dec 2023 06:23:10 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1702650186; cv=pass;
d=google.com; s=arc-20160816;
b=M+8AFAJvoNIO5RUU/xpgDXX3WNEVIurvZi9EojTnSBQ7qkK71ZfaZeDi0GK6tcZ3Rg
gTVo54sCYpN5clHT3jUq464cOSzj5COhkTh5g+q5PnYWUxiuctL0DErSUMGRtX1UfiM6
gGf2aX+20oc7hQl0wGDTGvmpl0bEhTHkbi/gVk0bFF1KZOtWSQjUyOi6R24iI6CGCmLz
JzrAZZb0aVASS2V1pKTgKRulz4oVNreFyux6ELyNd3ZJnbnMtaKnKQ56ENOfjBobFh/t
4p1CYWO2H8C7jV/LmXgGwMB7ry3pke/qzeB7pYguQd7MMZVjnepZhoGxwqWZUEQdZuZU
nE2Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:mime-version:message-id:date
:subject:to:from:sender:dkim-signature:dkim-signature;
bh=3O1Td7cxvT/0yY1qSoZgmbFR6TUdk1d3s2EzTHsMjCw=;
fh=nvZsCFpxgpf+fsVXzjnWA8g1K3V/kNbRAKogjNDW4HY=;
b=v8/PYSxaEKy85zqPFcowXOJccvLtpaBfwIYclrH66CaWB5wB9gIs2AxhTRORVxSgxJ
Fwi4CPeClwUTkOzgi+K+PslQtEYBbyQr+uR/ebXfL4u8at5RrVFAwEa6m4PnZKIBFDJa
q2vQevcI50+pHLaEesuKQYgkaTkwmfexFGma1RSvsxZt1mGzT1UltpFtbkzmdo4E7vhh
cy39cxt44lpjQ6wSa/FdDpqc0HYnoVdB9jsJSxXVt0Yeah8kjIPRvx7iqO04sTGBCla1
77QaAX6tbMS6G0AhMnzP1IuCH0T/AASyNOoWYwcfogSOtpDvIdpAGC/5D2QRWSAjB4i0
5yyA==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=Qef6VwLO;
spf=pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1702650186; x=1703254986;
darn=patchwork.ozlabs.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:mime-version:message-id:date:subject:to:from
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=3O1Td7cxvT/0yY1qSoZgmbFR6TUdk1d3s2EzTHsMjCw=;
b=SJKHsPkOGNziP5HN4QpKYb1It5gW9+RI/qRyalq08oTd7CBa4VW58Ufly+GhRO+xvD
IMrEiG0YgoXosDS+FLdirb5O3pPaaO3bMOvnlvjU04XpXRIrKkm2TFECaJB22RdlmWPH
hobd54lp/y2C4EskF9h/4RouDvN1a0SxMoD+9opOBQeli7a1UMAdjSwM1cgKxNbB4JNW
ZQofXAlW01Hd+MKLXhwG+SLYtWaOAvr6eWtMseCoJ01GDN07YBbwDUgh+1sBoejxIC9Q
AWoHeeTmZsG12SwfrGf1VQmgEKGLqQH+vp2c/nNbZVFkRvQE61p1YP/L8q6NrW109eP/
FTqQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1702650186; x=1703254986;
darn=patchwork.ozlabs.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:mime-version:message-id:date:subject:to:from:from
:to:cc:subject:date:message-id:reply-to;
bh=3O1Td7cxvT/0yY1qSoZgmbFR6TUdk1d3s2EzTHsMjCw=;
b=nSmYINkHW05k2GLtGvE06o7PTa/oZ+FNzmyVe2xhwSPziEdlCFTiRkzclhTluPys6K
BTWTzkPjTtvNi4m6FKuv/R/TVBdPCwz0divKrYsj54lURDV73GGcjKKs8TChoaKcIQGn
J8HhlYaR4AHhOWZfFRaluXv8cSnjanXVm11xxSET2wshI9Rsh6Iw3Hj/23dLeYPHeDiC
Bac+BFzlJ1VJY0QvrYzyvoQtcL+RWfDkxu6IJ0WkXCWW+SRJ1wk0kdKgxvAPICuh9DXG
lzSCqgKgHWTPkV42I5hBPq+zXY0zCyE0Mv/YhVkuzMGzEB2Mv5YiQYrWMz1N7mMctRhb
Z5hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1702650186; x=1703254986;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence
:x-original-authentication-results:x-original-sender:mime-version
:message-id:date:subject:to:from:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=3O1Td7cxvT/0yY1qSoZgmbFR6TUdk1d3s2EzTHsMjCw=;
b=WgdJuPpvwas7/VV9AUoWdhu7RVJa1oIvc0HCneqIYw7cn8PJn+x68DTDlqz00hIYeM
3ENJqTcLgg+UelB1PMIT86PfjPbbYS6JSR74JvzCxvcBUlOy/4ya2lLWvGXHfv9kOweD
wCA/k4NBsikc6E/4LoKz8LipI+nIB4If9GBv98gkUs4RrNpCprErT/G8ZrSs8nfqdsIy
hyKpEj2EMffCutsnJKhrtVLOH51LiXXMsvY86CRZ1AIkYUo8W3HQ/gEFM/E9/F7GMsxS
2EjffkSD08oAZN6fZbHT/W3iUcF7in4CRlGxlw1atAkiPd/WioSXHeU0U63ia4cnIHb9
1r3A==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOJu0Yxk5GSOX2j4eaiyTwPnkjRc3Ii7lUVLV/yORFI9R9UObJRjPSmR
XMngkfW4Tlz9FlhCx5LecyQ=
X-Google-Smtp-Source:
AGHT+IFYCarMLGPPOvaEZuS8h62u0kNgRsFNjy7C1JNBfx5FI0OrGZc43GPxKB5Z1hJELcLgv/pisQ==
X-Received: by 2002:a7b:c416:0:b0:40c:33f2:dc87 with SMTP id
k22-20020a7bc416000000b0040c33f2dc87mr3066117wmi.351.1702650185545;
Fri, 15 Dec 2023 06:23:05 -0800 (PST)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:600c:1c06:b0:40c:6025:3c4c with SMTP id
j6-20020a05600c1c0600b0040c60253c4cls129720wms.1.-pod-prod-08-eu; Fri, 15 Dec
2023 06:23:03 -0800 (PST)
X-Received: by 2002:a05:600c:214d:b0:40c:2aeb:a7e0 with SMTP id
v13-20020a05600c214d00b0040c2aeba7e0mr2936078wml.376.1702650183266;
Fri, 15 Dec 2023 06:23:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702650183; cv=none;
d=google.com; s=arc-20160816;
b=Tb5Hum5geV1/2Hn99h1Z89fmvnhxg9D/ZpxbS+IDhGA4SED8Zs8LV6D20MidOihCkd
I4p4nl2UKC0F8AINDCBx6R7B8GGqOD7PTBgVbnhzfo2Pwl7ugdHjSEvmbyLDfpHXW2rq
IWZQIESeSe0eO9nJaKqGYhredK49KeZ7C0R4lfzBYejiaHIVTjVK/kdvILMgaQEJ7mQ8
I/FzRlFNi+VyyE14cj0jUR1fHLXkj7XwDBNx1jiL2+J4FWy3tJO2dEHJf1IatNrV9z3c
Y+x7g1afjetGpDqHEBCWyi9GCMlM81gVPCOjuDWKD1k0J53l5pagmdmBs3Xv+gobjAYI
+uiQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:message-id:date:subject:to
:from:dkim-signature;
bh=dhxjuGp01q6RXw9sTOaubWnnVBgnFAG52+hrRzWxz3w=;
fh=nvZsCFpxgpf+fsVXzjnWA8g1K3V/kNbRAKogjNDW4HY=;
b=C0cSVY84kdCyovaGs9fPLItVPgalEYTMEsoRsBBqhQafP3yVYoxU4g/HKuO1Dl+UTr
e1kgXF3l2IjVWWWUTJOzQycSaQM+iJcQ0MgquJ7Sk06TE7J2qZNvlK4W2icmeGva/twR
5B91oI75SZtnkNeNvdytapXQu9yReq4LAKcxQ91CdUN6annvMFRF65zyfidClf0YDQYG
ACdxqvNI+xMLXpI5jlEUNH1j/M+cX9wcK0dsa0QLftTy3Ku1npUtmXOja6jdhLrMQ7xl
ff8eeLgznXC/Is5/aPPmCaBuGkdgN2qVio7IP7doWQR+ltO3MJizID02HWgZWi3CeYWr
meDQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=Qef6VwLO;
spf=pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com.
[2a00:1450:4864:20::62e])
by gmr-mx.google.com with ESMTPS id
p37-20020a05600c1da500b0040c37c4c22asi738317wms.0.2023.12.15.06.23.03
for <swupdate@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Fri, 15 Dec 2023 06:23:03 -0800 (PST)
Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62e as permitted sender) client-ip=2a00:1450:4864:20::62e;
Received: by mail-ej1-x62e.google.com with SMTP id
a640c23a62f3a-a1ef2f5ed01so97663566b.0
for <swupdate@googlegroups.com>; Fri, 15 Dec 2023 06:23:03 -0800 (PST)
X-Received: by 2002:a17:906:c141:b0:a12:7a14:5355 with SMTP id
dp1-20020a170906c14100b00a127a145355mr3256672ejc.39.1702650182211;
Fri, 15 Dec 2023 06:23:02 -0800 (PST)
Received: from PC-2635.irisgmbh.local
(dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41])
by smtp.gmail.com with ESMTPSA id
vx6-20020a170907a78600b00a1e852ab3f0sm10944029ejc.15.2023.12.15.06.23.01
for <swupdate@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 15 Dec 2023 06:23:01 -0800 (PST)
From: Michael Glembotzki <m.glembo@gmail.com>
To: swupdate@googlegroups.com
Subject: [swupdate] [V3][PATCH 0/10] Add support for asymmetric decryption
Date: Fri, 15 Dec 2023 15:19:37 +0100
Message-ID: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.42.0
MIME-Version: 1.0
X-Original-Sender: m.glembo@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b=Qef6VwLO; spf=pass
(google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62e
as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass
(p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/swupdate/subscribe>
|
| Series |
Add support for asymmetric decryption
|
expand
|
Hi Stefano, I wasn't sure if you were done with the review. Here comes the V3. The return type of is_hex_str has been adjusted. Another new fix is that the ivt and the aes-key are only set if the length is valid. Previously it was possible to send ivt/aes-key strings that were too long. Please note that patch file: [V2,03/10] util: Remove unused function extract_next_file was not sent again, but should also be applied, too. Please let me know if there are any further change requests. Best regards Michael Michael Glembotzki (10): util: BUG: set_aes_key does not fail on invalid aes key or ivt util: BUG: __swupdate_copy accepts invalid ivt parser: BUG: Invalid image ivt size parser: Read aes-key from sw-description into struct img_type sslapi: Add priv key/cert to swupdate_digest for asym decryption Add support for asymmetric file decryption with CMS swupdate: Initalize the recipient key pair for asym decryption cpio_utils: Add argument imgaeskey to __swupdate_copy interface Add support for asymmetrical encrypted images doc: Add documentation for asymmetric decryption Kconfig | 12 +++ core/cpio_utils.c | 45 +++++++++-- core/installer.c | 8 ++ core/parsing_library.c | 38 +++++++++ core/stream_interface.c | 41 ++++++++-- core/swupdate.c | 44 +++++++++- core/util.c | 25 ++++++ corelib/Makefile | 3 + corelib/lua_interface.c | 2 + corelib/swupdate_cms_decrypt.c | 112 +++++++++++++++++++++++++ doc/source/asym_encrypted_images.rst | 153 +++++++++++++++++++++++++++++++++++ doc/source/encrypted_images.rst | 2 + doc/source/index.rst | 1 + doc/source/roadmap.rst | 5 -- doc/source/sw-description.rst | 13 ++- examples/configuration/swupdate.cfg | 3 + handlers/copy_handler.c | 1 + handlers/delta_handler.c | 1 + handlers/rdiff_handler.c | 1 + handlers/readback_handler.c | 1 + include/parselib.h | 2 + include/sslapi.h | 9 +++ include/swupdate.h | 1 + include/swupdate_image.h | 1 + include/util.h | 7 +- parser/parser.c | 3 +- 26 files changed, 507 insertions(+), 27 deletions(-)